A new security policy adopted by your organization states that you must monitor for attacks that compromise user accounts. Which of the following activities should you monitor?
A. sensitive file access in a 12-hour period
B. average throughput of the network perimeter
C. failed logins in a 24-hour period
D. port scans in a 24-hour period
C
Explanation: You should monitor failed logins in a 24-hour period. Brute force attacks will attempt to access the same user account using different passwords, resulting in repeated failed logins.
None of the other activities will help you to monitor for attacks that compromise user accounts.
You might also like to view...
An All-in-One printer/scanner/copier device would be considered a(n) __________.
Fill in the blank(s) with the appropriate word(s).
The plot area of a chart is bounded by the axes, including all the data series
Indicate whether the statement is true or false
The _________________________ function is useful when you want to assign a value to a cell based on a logical test.
Fill in the blank(s) with the appropriate word(s).
A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?
A. Document and lock the workstations in a secure area to establish chain of custody B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working D. Document findings and processes in the after-action and lessons learned report